+

US20090113544A1 - Accessing password protected devices - Google Patents

Accessing password protected devices Download PDF

Info

Publication number
US20090113544A1
US20090113544A1 US11/930,693 US93069307A US2009113544A1 US 20090113544 A1 US20090113544 A1 US 20090113544A1 US 93069307 A US93069307 A US 93069307A US 2009113544 A1 US2009113544 A1 US 2009113544A1
Authority
US
United States
Prior art keywords
password
peripheral device
power
operations
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US11/930,693
Other versions
US8056127B2 (en
Inventor
Raphael P. Chancey
Eduardo T. Kahan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US11/930,693 priority Critical patent/US8056127B2/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CHANCEY, RAPHAEL P., KAHAN, EDUARDO T.
Publication of US20090113544A1 publication Critical patent/US20090113544A1/en
Application granted granted Critical
Publication of US8056127B2 publication Critical patent/US8056127B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices

Definitions

  • Embodiments of the invention generally relate to the field of password protected peripheral devices, and more particularly to methods of accessing data on peripheral devices without having to reboot a computer.
  • Plug-and-play is a common feature of most of today's computer systems. Plug-and-play allows computer systems to automatically recognize peripheral devices. Thus, it eliminates the need to set switches, jumpers, and other configuration elements. Peripheral devices can include hard disk drives, video cameras, cellular phones, digital cameras, etc. Some peripheral devices can be password protected to shield internal data from theft or damage. As a result, some peripheral devices are not accessible when they are plugged-into a computer system. For example, even though plug-and-play features allow a computer system to recognize a peripheral device, the peripheral device may remain inaccessible until it receives a password.
  • Embodiments of the invention include a method that comprises receiving and storing a power-on password.
  • the method includes receiving a power-on password, wherein the receiving of the power-on password occurs during power-on operations of a computer.
  • the method can also include storing the power-on password, wherein the storing includes saving the power-on password in memory.
  • the method can also include loading an operating system to control the computer, wherein the loading occurs after the power-on operations.
  • the method can also include detecting, after the loading, that a peripheral device has been added to the computer and determining that an access password is needed to access the peripheral device.
  • the method can also include transmitting the power-on password to the peripheral device and presenting a prompt requesting a secondary password.
  • the method can also include receiving the secondary password, transmitting the secondary password to the peripheral device, and accessing the peripheral device.
  • FIG. 1 illustrates a computer system 100 capable of automatically logging onto devices that require a password, according to some embodiments of the invention.
  • FIG. 2 is a flow diagram illustrating the operations of the BIOS 114 , according to some embodiments of the invention.
  • FIG. 3 is a flow diagram illustrating the operations of the peripheral device 102 , according to some embodiments of the invention.
  • the notebook first sends a power-on password stored in BIOS, and if that does not “unlock” the disk drive, it presents a user interface for receiving a password for the disk drive. In turn, the notebook can send the password to the disk drive.
  • BIOS basic-programmable gate array
  • BIOS extensions can be implemented in place of components.
  • well-known instruction instances, protocols, structures and techniques have not been shown in detail in order not to obfuscate the description.
  • FIG. 1 illustrates a computer system 100 capable of automatically logging onto devices that require a password, according to some embodiments of the invention.
  • the computer system 100 includes a peripheral device 102 , a bus interface cable 108 (e.g., parallel ATA, IDE, USB, etc.), and a motherboard 110 .
  • the peripheral device 102 can include a variety of devices, such as external hard drives, storage devices, media devices, or any other suitable devices.
  • the motherboard 110 includes a central processing unit (CPU) 112 , a basic input output system (BIOS) 114 , and system memory 115 . As shown, the CPU 112 is connected to the system memory 115 via a system bus 120 .
  • the BIOS 114 includes a device interface unit 116 , password unit 118 , power-on unit 124 , and password store 126 .
  • An expansion bus 122 connects the BIOS 114 to the peripheral device 102 and the system bus 120 .
  • the BIOS' power-on unit 124 can handle the computer system's low level operations, such as a power-on self test and booting the operating system from an attached hardware device. Furthermore, it can establish an interface between the operating system and the computer hardware by providing a number of interrupt handlers and other components. For example, one of the interrupt handlers can be a keyboard interrupt handler that enables the CPU 112 to read keystrokes for a keyboard. BIOS 114 can also facilitate various complex functions such as hot swapping, power management, and thermal management. The BIOS 114 can be embodied in a semiconductor memory, such as PROM, EPROM, or flash memory. The BIOS 114 can store power-on passwords and oilier data in the password store 126 .
  • BIOS' password unit 118 can present user interfaces for receiving passwords. For example, during power-on operations, the password unit 118 can present a user interface in which a user can enter a power-on password. The password unit 118 can also present password interfaces after BIOS completes power-on operations. BIOS' device interface unit 116 can receive password requests from the peripheral device 102 and it can transmit passwords to the peripheral device 102 . The device interface unit 116 can receive the password requests daring power-on operations and after power-on operations are complete. The device interface unit 116 can respond to the password requests by transmitting passwords (e.g., passwords from the password store 126 and passwords received via a user interface) to the peripheral device 102 .
  • passwords e.g., passwords from the password store 126 and passwords received via a user interface
  • the computer system 100 also includes a peripheral device 102 that requires a password before it allows other components (e.g., the CPU 112 ) to access it.
  • the peripheral device 102 can include a data storage device that requires a password before allowing access to its data.
  • the peripheral device includes a password request unit 104 and password verification unit 106 .
  • the peripheral device 102 can be connected to the computer system 100 at power-on or it can be connected later (i.e., after BIOS 114 has completed power-on operations). In either case, the peripheral device's password request unit 104 can request access passwords from the motherboard 110 .
  • the peripheral device's password verification unit 106 can receive passwords from the motherboard 110 (e.g., during or after power-on operations) and verify that the passwords match a stored access password.
  • the peripheral device 102 and the mother board 110 can include many other components, such as ports, I/O controllers, busses, audio & video devices, etc.
  • any component of the BIOS 114 can be implemented as a BIOS extension.
  • any of the components described herein can include hardware, firmware, and/or machine-readable media including instructions for performing the operations described herein.
  • Machine-readable media includes any mechanism that provides (i.e., stores and/or transmits) information in a form readable by a machine (e.g., a game machine, computer, etc.).
  • tangible machine-readable media includes read only memory (ROM), random access memory (RAM), magnetic disk storage media, optical storage media, flash memory machines, etc.
  • Machine-readable media also includes any media suitable for transmitting software over a network.
  • the operations can be performed by executing instructions residing on machine-readable media (e.g., software), while in other embodiments, the operations can be performed by a combination of software, hardware, and/or other logic (e.g., firmware). In some embodiments, the operations can be performed in series, while in other embodiments, one or more of the operations can be performed in parallel. Moreover, some embodiments can perform less than all the operations shown in the Figures.
  • machine-readable media e.g., software
  • firmware e.g., firmware
  • the operations can be performed in series, while in other embodiments, one or more of the operations can be performed in parallel.
  • some embodiments can perform less than all the operations shown in the Figures.
  • FIG. 2 is a flow diagram illustrating the operations of the BIOS 114 , according to some embodiments of the invention. The flow 200 will be described with reference to the computer system in FIG. 1 . In FIG. 2 , flow 200 begins at block 202 .
  • the password unit 118 receives a password through a graphical user interface (GUI).
  • GUI graphical user interface
  • the power-on unit 124 initializes several motherboard components such as a clock generator (not shown), PCI devices (not shown), the CPU 112 , system memory 115 , the primary graphics controller (not shown), etc.
  • the password unit 118 presents a GUI for receiving a power-on password.
  • the password unit 118 can authenticate a user by comparing the password to a power-on password stored in the password store 126 . The flow continues at block 204 .
  • the device interface unit 116 provides the power-on password stored in the password store 126 to existing peripheral devices connected during the power on startup test (POST) phase.
  • POST power on startup test
  • the BIOS 114 determines if a request for an access password has been received from the peripheral device 102 .
  • a user can disconnect an existing peripheral device that was present during the POST phase and replace it with a new peripheral device (e.g., hard drive, digital device, storage device, etc.) that requires a password before allowing outside devices access to it or its internal data.
  • a new peripheral device e.g., hard drive, digital device, storage device, etc.
  • the BIOS 114 can detect whether the peripheral device 102 is locked and requires a password without receiving a request. If the BIOS 114 determines that no request for an access password has been received, the flow ends. If the BIOS 114 determines that a request for an access password has been received, the flow continues at block 208 .
  • the device interface unit 116 retrieves the power-on password from the password store 126 or other location. The device interface unit 116 will later send the retrieved password to the peripheral device 102 in response to the request for an access password. The flow continues at block 210 .
  • the device interface unit 116 transmits the power-on password to the peripheral device 102 .
  • the peripheral device's password verification unit 106 will compare the power-on password to the required access password to determine whether it will grant access to the motherboard 110 .
  • the flow continues at block 212 .
  • the device interface unit 116 determines whether the peripheral device 102 has requested another password. The peripheral device 102 can make such a request when the power-on password (or previously entered secondary password) does not match the required access password. If the BIOS 114 determines that no additional password request has been made, the flow ends. If the BIOS 114 determines that a request for a password has been made, the flow continues at block 214 .
  • the password unit 118 presents a prompt for a secondary password to be entered.
  • the password unit 118 presents a graphical window in which a user can enter the secondary password. Because the BIOS can procure a secondary password after start-up operations are complete, it can avoid the delay of having to shut-down or restart a computer system.
  • a user can be given a limited number of opportunities to enter a secondary password before being locked out by the peripheral device. For example, an embodiment of the invention can have an attempt limit counter. After each failed secondary password entry, the attempt limit counter will be decremented until the limit counter equals a value. The flow continues at block 216 .
  • the password unit 118 receives the secondary password from a user. The flow continues at block 218 .
  • the device interface unit 116 transmits the secondary password to the peripheral device 102 . From block 218 , the flow ends.
  • FIG. 3 is a flow diagram illustrating the operations of the peripheral device 102 , according to some embodiments of the invention.
  • a user can disconnect an existing peripheral device that was present during the POST phase and replace it with a new peripheral device (e.g., hard drive, digital device, storage device, etc.).
  • a user can add a peripheral device that was not present at start-up.
  • the operations of FIG. 3 cover either instance,
  • flow 300 begins at block 308 , where the peripheral device's password request unit 104 requests a password from the BIOS 114 via the device interface unit 116 prior to allowing access to data on peripheral device 102 .
  • the peripheral device 102 can be connected to the computer system 100 after power-on operations, so this operation can occur after the BIOS 114 has completed power-on operations.
  • the flow continues at block 310 .
  • the password verification unit 106 receives a password.
  • the password that is initially received is the power-on password stored in the password store 126 . Later, if the flow 300 loops back to 310 , the password can be one that the BIOS acquired through a graphical user interface after power-on operations have completed. The flow continues at block 312 .
  • the password verification unit 104 determines if the received password matches the required access password. In some embodiments, the access password resides in the password verification unit 104 . If the password verification unit 104 determines that the received password matches the access password for the peripheral device, the flow continues at block 314 . If the password verification unit 104 determines that the received password does not match the access password for the peripheral device, the flow returns to block 308 , where the password request unit 104 will again request a password from the BIOS 114 . As described above, the BIOS 114 can procure another password through a user interface and provide the password to the peripheral device without restarting. Thus, the peripheral device 102 can receive the needed password without delays for shutting-down and restarting the computer system 100 .
  • the peripheral device limits the number of password attempts by locking itself after a number of failed password matches.
  • an embodiment of the invention can have an attempt limit counter. For each failed password entry, the attempt limit counter will be decremented until the limit counter equals a limit value. The steps previously noted will be repeated until the password verification unit 106 determines that the received password matches the access password for the peripheral device or until the limit counter equals the limit value.
  • the password verification unit 104 allows access to the peripheral devices data.
  • the password verification unit 104 can allow access to device services (e.g., print, display, etc.). From block 314 , the flow ends.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the invention include a method that comprises receiving and storing a power-on password. Embodiments of the invention include a method that comprises receiving and storing a power-on password. In one embodiment, the method includes receiving a power-on password, wherein the receiving of the power-on password occurs during power-on operations of a computer. The method can also include storing the power-on password, wherein the storing includes saving the power-on password in memory. The method can also include loading an operating system to control the computer, wherein the loading occurs after the power-on operations. The method can also include detecting, after the loading, that a peripheral devices has been added to the computer and determining that an access password is needed to access the peripheral device. The method can also include transmitting the power-on password to the peripheral device and presenting a prompt requesting a secondary password; receiving the secondary password. The method can also include transmitting the secondary password to the peripheral device; and accessing the peripheral device.

Description

    FIELD OF INVENTION
  • Embodiments of the invention generally relate to the field of password protected peripheral devices, and more particularly to methods of accessing data on peripheral devices without having to reboot a computer.
    • BACKGROUND
  • Plug-and-play is a common feature of most of today's computer systems. Plug-and-play allows computer systems to automatically recognize peripheral devices. Thus, it eliminates the need to set switches, jumpers, and other configuration elements. Peripheral devices can include hard disk drives, video cameras, cellular phones, digital cameras, etc. Some peripheral devices can be password protected to shield internal data from theft or damage. As a result, some peripheral devices are not accessible when they are plugged-into a computer system. For example, even though plug-and-play features allow a computer system to recognize a peripheral device, the peripheral device may remain inaccessible until it receives a password.
    • SUMMARY
  • Embodiments of the invention include a method that comprises receiving and storing a power-on password. In one embodiment, the method includes receiving a power-on password, wherein the receiving of the power-on password occurs during power-on operations of a computer. The method can also include storing the power-on password, wherein the storing includes saving the power-on password in memory. The method can also include loading an operating system to control the computer, wherein the loading occurs after the power-on operations. The method can also include detecting, after the loading, that a peripheral device has been added to the computer and determining that an access password is needed to access the peripheral device. The method can also include transmitting the power-on password to the peripheral device and presenting a prompt requesting a secondary password. The method can also include receiving the secondary password, transmitting the secondary password to the peripheral device, and accessing the peripheral device.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present embodiments may be better understood, and numerous objects, features, and advantages made apparent to those skilled in the art by referencing the accompanying drawings.
  • FIG. 1 illustrates a computer system 100 capable of automatically logging onto devices that require a password, according to some embodiments of the invention.
  • FIG. 2 is a flow diagram illustrating the operations of the BIOS 114, according to some embodiments of the invention.
  • FIG. 3 is a flow diagram illustrating the operations of the peripheral device 102, according to some embodiments of the invention.
    •  DESCRIPTION OF EMBODIMENTS
  • Computer users often want to plug-in password protected hard disks and other peripherals into their notebook computers after start-up. Some notebooks cannot provide passwords to hard disks after power-on operations are complete. However, some embodiments of the invention allow notebooks to provide passwords to hard disks after start-up, avoiding delays associated with shutting down and restarting. In some embodiments, the notebook first sends a power-on password stored in BIOS, and if that does not “unlock” the disk drive, it presents a user interface for receiving a password for the disk drive. In turn, the notebook can send the password to the disk drive.
  • While this introduction refers to notebooks and hard disk drives, some embodiments work with any suitable computer and peripheral device. These and other features are described in greater detail below.
  • The description that follows includes exemplary systems, methods, techniques, instruction sequences and computer program products that embody techniques of the present invention. However, it is understood that the described invention may be practiced without these specific details. For instance, although examples refer to the functionality of the BIOS in terms of components, BIOS extensions can be implemented in place of components. In other instances, well-known instruction instances, protocols, structures and techniques have not been shown in detail in order not to obfuscate the description.
  • FIG. 1 illustrates a computer system 100 capable of automatically logging onto devices that require a password, according to some embodiments of the invention. The computer system 100 includes a peripheral device 102, a bus interface cable 108 (e.g., parallel ATA, IDE, USB, etc.), and a motherboard 110. The peripheral device 102 can include a variety of devices, such as external hard drives, storage devices, media devices, or any other suitable devices. In FIG. 1, the motherboard 110 includes a central processing unit (CPU) 112, a basic input output system (BIOS) 114, and system memory 115. As shown, the CPU 112 is connected to the system memory 115 via a system bus 120. The BIOS 114 includes a device interface unit 116, password unit 118, power-on unit 124, and password store 126. An expansion bus 122 connects the BIOS 114 to the peripheral device 102 and the system bus 120.
  • The BIOS' power-on unit 124 can handle the computer system's low level operations, such as a power-on self test and booting the operating system from an attached hardware device. Furthermore, it can establish an interface between the operating system and the computer hardware by providing a number of interrupt handlers and other components. For example, one of the interrupt handlers can be a keyboard interrupt handler that enables the CPU 112 to read keystrokes for a keyboard. BIOS 114 can also facilitate various complex functions such as hot swapping, power management, and thermal management. The BIOS 114 can be embodied in a semiconductor memory, such as PROM, EPROM, or flash memory. The BIOS 114 can store power-on passwords and oilier data in the password store 126.
  • BIOS' password unit 118 can present user interfaces for receiving passwords. For example, during power-on operations, the password unit 118 can present a user interface in which a user can enter a power-on password. The password unit 118 can also present password interfaces after BIOS completes power-on operations. BIOS' device interface unit 116 can receive password requests from the peripheral device 102 and it can transmit passwords to the peripheral device 102. The device interface unit 116 can receive the password requests daring power-on operations and after power-on operations are complete. The device interface unit 116 can respond to the password requests by transmitting passwords (e.g., passwords from the password store 126 and passwords received via a user interface) to the peripheral device 102.
  • The computer system 100 also includes a peripheral device 102 that requires a password before it allows other components (e.g., the CPU 112) to access it. For example, the peripheral device 102 can include a data storage device that requires a password before allowing access to its data. The peripheral device includes a password request unit 104 and password verification unit 106. The peripheral device 102 can be connected to the computer system 100 at power-on or it can be connected later (i.e., after BIOS 114 has completed power-on operations). In either case, the peripheral device's password request unit 104 can request access passwords from the motherboard 110. The peripheral device's password verification unit 106 can receive passwords from the motherboard 110 (e.g., during or after power-on operations) and verify that the passwords match a stored access password.
  • Although not shown in FIG. 1, the peripheral device 102 and the mother board 110 can include many other components, such as ports, I/O controllers, busses, audio & video devices, etc. Also, any component of the BIOS 114 can be implemented as a BIOS extension. Furthermore, any of the components described herein can include hardware, firmware, and/or machine-readable media including instructions for performing the operations described herein. Machine-readable media includes any mechanism that provides (i.e., stores and/or transmits) information in a form readable by a machine (e.g., a game machine, computer, etc.). For example, tangible machine-readable media includes read only memory (ROM), random access memory (RAM), magnetic disk storage media, optical storage media, flash memory machines, etc. Machine-readable media also includes any media suitable for transmitting software over a network.
    • System Operations
  • This section describes operations performed by some embodiments of the systems described above. In certain embodiments, the operations can be performed by executing instructions residing on machine-readable media (e.g., software), while in other embodiments, the operations can be performed by a combination of software, hardware, and/or other logic (e.g., firmware). In some embodiments, the operations can be performed in series, while in other embodiments, one or more of the operations can be performed in parallel. Moreover, some embodiments can perform less than all the operations shown in the Figures.
  • FIG. 2 is a flow diagram illustrating the operations of the BIOS 114, according to some embodiments of the invention. The flow 200 will be described with reference to the computer system in FIG. 1. In FIG. 2, flow 200 begins at block 202.
  • At block 202, during power-on operations, the password unit 118 receives a password through a graphical user interface (GUI). When the computer system powers-on, the power-on unit 124 initializes several motherboard components such as a clock generator (not shown), PCI devices (not shown), the CPU 112, system memory 115, the primary graphics controller (not shown), etc. During the power-on operations, the password unit 118 presents a GUI for receiving a power-on password. After receiving the power-on password, the password unit 118 can authenticate a user by comparing the password to a power-on password stored in the password store 126. The flow continues at block 204.
  • At block 204, the device interface unit 116 provides the power-on password stored in the password store 126 to existing peripheral devices connected during the power on startup test (POST) phase. The flow continues at block 206.
  • At block 206, the BIOS 114 determines if a request for an access password has been received from the peripheral device 102. In some embodiments of the invention, a user can disconnect an existing peripheral device that was present during the POST phase and replace it with a new peripheral device (e.g., hard drive, digital device, storage device, etc.) that requires a password before allowing outside devices access to it or its internal data. For example, when the peripheral device 102 includes a hard disk drive, the drive can be password protected to prevent data theft. In some embodiments of the invention, the BIOS 114 can detect whether the peripheral device 102 is locked and requires a password without receiving a request. If the BIOS 114 determines that no request for an access password has been received, the flow ends. If the BIOS 114 determines that a request for an access password has been received, the flow continues at block 208.
  • At block 208, after detecting that a new peripheral device has been added, the device interface unit 116 retrieves the power-on password from the password store 126 or other location. The device interface unit 116 will later send the retrieved password to the peripheral device 102 in response to the request for an access password. The flow continues at block 210.
  • At block 210, the device interface unit 116 transmits the power-on password to the peripheral device 102. The peripheral device's password verification unit 106 will compare the power-on password to the required access password to determine whether it will grant access to the motherboard 110. The flow continues at block 212.
  • At block 212, the device interface unit 116 determines whether the peripheral device 102 has requested another password. The peripheral device 102 can make such a request when the power-on password (or previously entered secondary password) does not match the required access password. If the BIOS 114 determines that no additional password request has been made, the flow ends. If the BIOS 114 determines that a request for a password has been made, the flow continues at block 214.
  • At block 214, the password unit 118 presents a prompt for a secondary password to be entered. In some embodiments, the password unit 118 presents a graphical window in which a user can enter the secondary password. Because the BIOS can procure a secondary password after start-up operations are complete, it can avoid the delay of having to shut-down or restart a computer system. In some embodiments of the invention, a user can be given a limited number of opportunities to enter a secondary password before being locked out by the peripheral device. For example, an embodiment of the invention can have an attempt limit counter. After each failed secondary password entry, the attempt limit counter will be decremented until the limit counter equals a value. The flow continues at block 216.
  • At block 216, the password unit 118 receives the secondary password from a user. The flow continues at block 218.
  • At block 218, the device interface unit 116 transmits the secondary password to the peripheral device 102. From block 218, the flow ends.
  • FIG. 3 is a flow diagram illustrating the operations of the peripheral device 102, according to some embodiments of the invention. In some embodiments of the invention, a user can disconnect an existing peripheral device that was present during the POST phase and replace it with a new peripheral device (e.g., hard drive, digital device, storage device, etc.). In other embodiments, a user can add a peripheral device that was not present at start-up. The operations of FIG. 3 cover either instance,
  • In FIG. 3, flow 300 begins at block 308, where the peripheral device's password request unit 104 requests a password from the BIOS 114 via the device interface unit 116 prior to allowing access to data on peripheral device 102. As noted above, the peripheral device 102 can be connected to the computer system 100 after power-on operations, so this operation can occur after the BIOS 114 has completed power-on operations. The flow continues at block 310.
  • At block 310, the password verification unit 106 receives a password. In some embodiments of the invention, the password that is initially received is the power-on password stored in the password store 126. Later, if the flow 300 loops back to 310, the password can be one that the BIOS acquired through a graphical user interface after power-on operations have completed. The flow continues at block 312.
  • At block 312, the password verification unit 104 determines if the received password matches the required access password. In some embodiments, the access password resides in the password verification unit 104. If the password verification unit 104 determines that the received password matches the access password for the peripheral device, the flow continues at block 314. If the password verification unit 104 determines that the received password does not match the access password for the peripheral device, the flow returns to block 308, where the password request unit 104 will again request a password from the BIOS 114. As described above, the BIOS 114 can procure another password through a user interface and provide the password to the peripheral device without restarting. Thus, the peripheral device 102 can receive the needed password without delays for shutting-down and restarting the computer system 100.
  • In some embodiments of the invention, the peripheral device limits the number of password attempts by locking itself after a number of failed password matches. For example, an embodiment of the invention can have an attempt limit counter. For each failed password entry, the attempt limit counter will be decremented until the limit counter equals a limit value. The steps previously noted will be repeated until the password verification unit 106 determines that the received password matches the access password for the peripheral device or until the limit counter equals the limit value.
  • The flow continues at block 314.
  • At block 314, the password verification unit 104 allows access to the peripheral devices data. For embodiments in which the peripheral device is not a storage device, the password verification unit 104 can allow access to device services (e.g., print, display, etc.). From block 314, the flow ends.
    • Other Embodiments
  • While the invention(s) is (are) described with reference to various implementations and exploitations, it will be understood that these embodiments are illustrative and that the scope of the invention(s) is not limited to them. In general, the techniques described herein may be implemented with facilities consistent with any hardware system or hardware systems. Many variations, modifications, additions, and improvements are possible.
  • Plural instances may be provided for components, operations or structures described herein as a single instance. Finally, boundaries between various components, operations and data stores are somewhat arbitrary, and particular operations are illustrated in the contest of specific illustrative configurations. Other allocations of functionality are envisioned and may fall within the scope of the invention(s). In general, structures and functionality presented as separate components in the exemplary configurations may be implemented as a combined structure or component. Similarly, structures and functionality presented as a single component may be implemented as separate components. These and other variations, modifications, additions, and improvements may fall within the scope of the invention(s).

Claims (16)

1. A method comprising:
receiving a first password during power-on operations of a computer;
comparing the first password to a power-on password stored in memory;
loading an operating system to control the computer, wherein the loading occurs after the power-on operations;
detecting, after the loading, that a peripheral device has been added to the computer;
determining that a second password is needed to access the peripheral device;
transmitting the power-on password to the peripheral device;
presenting a prompt requesting the second password;
receiving the second password;
transmitting the second password to the peripheral device; and
accessing the peripheral device.
2. The method of claim 2, further comprising comparing the second password to an access password stored in the peripheral device.
3. The method of claim 3 further comprising:
granting access to the peripheral device if the second password matches the access password.
4. The method of claim 1, wherein the determining includes detecting a request for the second password from the peripheral device.
5. The method of claim 1, wherein the prompt includes a graphical user interface for receiving the second password through the graphical user interface.
6. The method of claim 1 further comprising:
decrementing a limit counter that precludes receipt of the second password after the limit counter equals a limit value.
7. An computer system comprising:
a basic input output system (BIOS) including,
a power-on unit configured to perform power-on operations that initialize components of the computer system;
a password store configured to store a power-on password;
a device interface unit configured to detect a password request from a peripheral device and to transmit the power-on password to the peripheral device after the power-on operations are complete;
a password unit configured to procure, after the power-on operations are complete, a second password for transmission to the peripheral device, wherein peripheral device includes,
a password request unit configured to receive the power-on password and the second password; and
a password verification unit configured to grant access to the peripheral device based on the power-on password and the second password.
8. The computer system of claim 7, wherein the password verification unit is further configured to compare the power-on password to an access password stored in the peripheral device and to compare the second password to the access password.
9. The computer system of claim 7, wherein the password unit is configured to procure the second password by presentation of a graphical user interface and receipt of the second password through the graphical user interface.
10. The computer system of claim 7, wherein the password unit is further configured to decrement a limit counter that precludes receipt of the second password after the limit counter reaches a limit value.
11. A machine-readable medium including instructions that when executed by a machine case the machine to perform operations comprising:
receiving a first password during power-on operations of a computer;
comparing the first password to a power-on password stored in memory;
loading an operating system to control the computer, wherein the loading occurs after the power-on operations;
detecting, after the loading, that a peripheral devices has been added to the computer;
determining that a second password is needed to access the peripheral device;
transmitting the power-on password to the peripheral device;
presenting a prompt requesting the second password;
receiving the second password;
transmitting the second password to the peripheral device; and
accessing the peripheral device.
12. The machine-readable medium of claim 11, where the operations further comprise:
comparing the second password to an access password stored in the peripheral device.
13. The machine-readable medium of claim 12, where the operations further comprise:
granting access to the peripheral device if the secondary password matches the access password.
14. The machine-readable medium of claim 11, wherein the determining includes receiving a request for the second password from the peripheral device.
15. The machine-readable medium of claim 11, wherein the prompt includes a graphical user interface for receiving the second password through the graphical user interface.
16. The machine-readable medium of claim 11, where the operations further comprise:
decrementing a limit counter that precludes receipt of the second password after the limit counter equals a limit value.
US11/930,693 2007-10-31 2007-10-31 Accessing password protected devices Active 2030-04-27 US8056127B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/930,693 US8056127B2 (en) 2007-10-31 2007-10-31 Accessing password protected devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11/930,693 US8056127B2 (en) 2007-10-31 2007-10-31 Accessing password protected devices

Publications (2)

Publication Number Publication Date
US20090113544A1 true US20090113544A1 (en) 2009-04-30
US8056127B2 US8056127B2 (en) 2011-11-08

Family

ID=40584664

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/930,693 Active 2030-04-27 US8056127B2 (en) 2007-10-31 2007-10-31 Accessing password protected devices

Country Status (1)

Country Link
US (1) US8056127B2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100017587A1 (en) * 2008-07-16 2010-01-21 Wiginton Scotty M Method and system for securing an option ROM configuration
US20140366116A1 (en) * 2009-12-21 2014-12-11 Ned M. Smith Protected device management
US9411975B2 (en) 2014-03-31 2016-08-09 Intel Corporation Methods and apparatus to securely share data
US20210041126A1 (en) * 2018-03-02 2021-02-11 Gree Electric Appliances, Inc. Of Zhuhai Method, Device and System for Networking Air Conditioning Units, Storage Medium, and Processor

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010011947A1 (en) * 1999-05-24 2001-08-09 Muhammed Jaber System and method for securing a computer system
US20030208696A1 (en) * 2002-05-01 2003-11-06 Compaq Information Technologies Group, L.P. Method for secure storage and verification of the administrator, power-on password and configuration information
US20050138433A1 (en) * 2003-12-23 2005-06-23 Zone Labs, Inc. Security System with Methodology for Defending Against Security Breaches of Peripheral Devices

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010011947A1 (en) * 1999-05-24 2001-08-09 Muhammed Jaber System and method for securing a computer system
US20030208696A1 (en) * 2002-05-01 2003-11-06 Compaq Information Technologies Group, L.P. Method for secure storage and verification of the administrator, power-on password and configuration information
US20050138433A1 (en) * 2003-12-23 2005-06-23 Zone Labs, Inc. Security System with Methodology for Defending Against Security Breaches of Peripheral Devices

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100017587A1 (en) * 2008-07-16 2010-01-21 Wiginton Scotty M Method and system for securing an option ROM configuration
US20140366116A1 (en) * 2009-12-21 2014-12-11 Ned M. Smith Protected device management
US9426147B2 (en) * 2009-12-21 2016-08-23 Intel Corporation Protected device management
US20160342798A1 (en) * 2009-12-21 2016-11-24 Intel Corporation Protected device management
US9411975B2 (en) 2014-03-31 2016-08-09 Intel Corporation Methods and apparatus to securely share data
US9912645B2 (en) 2014-03-31 2018-03-06 Intel Corporation Methods and apparatus to securely share data
US20210041126A1 (en) * 2018-03-02 2021-02-11 Gree Electric Appliances, Inc. Of Zhuhai Method, Device and System for Networking Air Conditioning Units, Storage Medium, and Processor
US11761658B2 (en) * 2018-03-02 2023-09-19 Gree Electric Appliances, Inc. Of Zhuhai Method, device and system for networking air conditioning units, storage medium, and processor

Also Published As

Publication number Publication date
US8056127B2 (en) 2011-11-08

Similar Documents

Publication Publication Date Title
US11520894B2 (en) Verifying controller code
US9886580B2 (en) Method for optimizing boot time of an information handling system
US9292302B2 (en) Allowing bypassing of boot validation in a computer system having secure boot enabled by default only under certain circumstances
EP2989579B1 (en) Redundant system boot code in a secondary non-volatile memory
US9734339B2 (en) Retrieving system boot code from a non-volatile memory
US7769993B2 (en) Method for ensuring boot source integrity of a computing system
US8923520B2 (en) System and method for recovery key management
EP2965195B1 (en) User authorization and presence detection in isolation from interference from and control by host central processing unit and operating system
US11200065B2 (en) Boot authentication
US10599848B1 (en) Use of security key to enable firmware features
US8056127B2 (en) Accessing password protected devices
US20200159543A1 (en) Information Handling Systems And Methods To Selectively Control Ownership Of A Hardware Based Watchdog Timer (WDT)
US11861011B2 (en) Secure boot process
US12169566B2 (en) Untrusted orchestrator function subsystem inventory and verification system
US11347859B2 (en) Systems and methods for leveraging authentication for cross operating system single sign on (SSO) capabilities
US11775465B2 (en) Intra-chassis device multi-management domain system
CN115421793A (en) Display method of starting state and computing equipment
US11340796B2 (en) Method for managing sleep mode at a data storage device and system therefor
WO2007098642A1 (en) MECHANlSM FOR ACCESS CONTROL OF COMPUTING SYSTEM IN PRE-OS STAGE
EP4172828B1 (en) Static configuration of accelerator card security modes
US11734457B2 (en) Technology for controlling access to processor debug features
US7143278B2 (en) Method and apparatus for offloaded enhanced boot process
US12164641B1 (en) Designating an operational mode for an integrated circuit
US11960337B2 (en) Customized thermal and power policies in computers
US20240430094A1 (en) Encrypted storage

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHANCEY, RAPHAEL P.;KAHAN, EDUARDO T.;REEL/FRAME:020084/0472

Effective date: 20071030

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载